CVE-2025-20029
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

Overview

CVE-2025-20029 is a command injection vulnerability in F5 BIG-IP, reachable through the iControl REST API and through the TMOS Shell (tmsh) save command. F5 disclosed it on February 5, 2025, and it affects multiple supported BIG-IP branches. An authenticated attacker who can reach either interface can use it to execute arbitrary system commands on the appliance (F5 Advisory, NVD). Because valid credentials are a prerequisite, real-world exposure is governed by who can reach iControl REST and SSH/tmsh, and by the strength and handling of the accounts that grant that access.

Technical details

The flaw lies in how the iControl REST API and the tmsh save command handle attacker-controlled input that ends up in an operating-system command; it is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command). It carries a CVSS v3.1 base score of 8.8 (HIGH, vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and a CVSS v4.0 base score of 8.7 (HIGH). The PR:L component is the one to read carefully: the attacker needs credentials, but not full administrative privilege, and every other component (network reachable, low complexity, no user interaction, high confidentiality, integrity and availability impact) describes a complete compromise of the control plane once those credentials are in hand. Affected versions are BIG-IP 17.1.0 through 17.1.2, 16.1.0 through 16.1.5, and 15.1.0 through 15.1.10 (F5 Advisory, NVD).

Impact

Successful exploitation lets an authenticated attacker execute arbitrary system commands and create or delete files on the underlying system, all via the control plane. There is no data plane exposure: the vulnerability is reached only through management access (iControl REST or tmsh), not through traffic handled by virtual servers. In practice this means an account whose access is meant to be confined to tmsh or the REST API must be treated as a potential path to the underlying operating system, which is why the severity scores are high despite the authentication requirement (F5 Advisory).

Mitigation and workarounds

F5 has released fixed versions: 17.1.2.1, 16.1.5.2 and 15.1.10.6. Until a device can be upgraded, the recommended workarounds reduce who can reach the vulnerable interfaces: restrict iControl REST access on self IP addresses and on the management interface, and limit SSH (and therefore tmsh) access to trusted networks only. For each self IP, set Port Lockdown to Allow None, or use Allow Custom while making sure the iControl REST service (HTTPS) is not in the allowed list; before choosing Allow None, confirm the self IP is not carrying traffic the device itself depends on, such as HA or config-sync, in which case Allow Custom with the REST service excluded is the appropriate choice (F5 Advisory). Since the attacker must be authenticated, these network controls should be paired with a review of which accounts have iControl REST or tmsh access, and with credential rotation if there is any suspicion those accounts have been exposed.
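The following script is an added audit helper, not F5's tool and not part of the original advisory. It covers two checks from this page: whether a given TMOS version falls in the affected ranges listed above (and which fixed release it should move to), and which self IPs still admit the iControl REST port according to pasted `tmsh list net self allow-service` output. The sample tmsh output is constructed to resemble that command's format and is not a real capture. One assumption is made about F5's range notation: "16.1.0 - 16.1.5" is read as every build from the first affected release up to, but not including, the fixed release, so a point release such as 16.1.5.1 is treated as affected. The `tmsh` commands in the comments and in `lockdown_cmd` are the standard ones for these settings; the script only prints them and never changes anything.

```shell
#!/bin/sh
# Added audit helper for CVE-2025-20029 (not F5 code). Works on text you paste in,
# so it runs anywhere and modifies nothing on the device.

# vercmp A B: print -1, 0 or 1 comparing dotted numeric version strings field by
# field; a missing trailing field counts as 0, so 17.1.2.1 sorts after 17.1.2.
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    [ -n "$ai" ] || ai=0
    [ -n "$bi" ] || bi=0
    if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return 0; fi
    if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return 0; fi
    case "$a" in *.*) a="${a#*.}";; *) a="";; esac
    case "$b" in *.*) b="${b#*.}";; *) b="";; esac
  done
  printf '%s\n' 0
}

# Affected branches from F5's advisory as first_affected:first_fixed.
# Assumption (my reading of F5's "16.1.0 - 16.1.5" notation): everything from the
# first affected release up to, but not including, the fixed release is affected.
AFFECTED_RANGES="17.1.0:17.1.2.1 16.1.0:16.1.5.2 15.1.0:15.1.10.6"

# cve_2025_20029_status VERSION: prints "affected upgrade-to=<fix>" or
# "not-in-listed-ranges". The latter is not a clean bill of health: F5 only
# evaluates supported branches, so an end-of-support release lands here too.
# On a device, the version comes from: tmsh show sys version
cve_2025_20029_status() {
  v="$1"
  for entry in $AFFECTED_RANGES; do
    low="${entry%%:*}"; fix="${entry#*:}"
    if [ "$(vercmp "$v" "$low")" -ge 0 ] && [ "$(vercmp "$v" "$fix")" -lt 0 ]; then
      printf 'affected upgrade-to=%s\n' "$fix"
      return 0
    fi
  done
  printf '%s\n' "not-in-listed-ranges"
}

# exposed_selfips TEXT: given `tmsh list net self allow-service` output, print
# (space separated, one line) the self IPs whose Port Lockdown still admits the
# iControl REST port: "default" (Allow Default) includes TCP 443, "all" admits
# everything, and an explicit tcp:https / tcp:443 entry admits it directly.
exposed_selfips() {
  printf '%s\n' "$1" | awk '
    /^net self / { name = $3; body = ""; next }
    /^}/ {
      n = split(body, tok, /[ \t{}]+/)
      hit = 0
      for (i = 1; i <= n; i++)
        if (tok[i] == "default" || tok[i] == "all" ||
            tok[i] == "tcp:https" || tok[i] == "tcp:443") hit = 1
      if (hit) names = (names == "" ? name : names " " name)
      next
    }
    { body = body " " $0 }
    END { print names }
  '
}

# lockdown_cmd NAME: the tmsh command for the advisory's Allow None workaround on
# one self IP. Printed for review, not executed.
lockdown_cmd() {
  printf 'tmsh modify net self %s allow-service none\n' "$1"
}

# Constructed sample in the shape of `tmsh list net self allow-service` (not a real
# capture): Allow Default, Allow None, Allow Custom still including HTTPS, and
# Allow Custom limited to HA traffic.
SAMPLE_SELF_LIST='net self external {
    allow-service {
        default
    }
}
net self internal {
    allow-service none
}
net self mgmt-like {
    allow-service {
        tcp:https
        tcp:ssh
    }
}
net self ha {
    allow-service {
        tcp:4353
        udp:1026
    }
}'

# Stand-alone run: first argument is the TMOS version to check (defaults to a
# sample value); self IP data comes from the constructed sample above.
ver="${1:-17.1.1}"
printf 'TMOS %s: %s\n' "$ver" "$(cve_2025_20029_status "$ver")"
for s in $(exposed_selfips "$SAMPLE_SELF_LIST"); do
  printf 'self IP %s admits iControl REST; suggested: %s\n' "$s" "$(lockdown_cmd "$s")"
done
```

For the management interface itself, the equivalent restriction is applied with `tmsh modify sys httpd allow replace-all-with { <trusted-network> }` and `tmsh modify sys sshd allow replace-all-with { <trusted-network> }`, with `<trusted-network>` being a placeholder for your own management ranges; the script does not issue these either.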

Additional resources

Source

This report was generated using AI
